Buffer overflow in PHP "wordwrap" function From: "David F. Skoll" <dfs@roaringpenguin.com> To: bugtraq@securityfocus.com Date: Yesterday 22.43.44 Message was signed with unknown key 0x13624131. The validity of the signature cannot be verified. There is a buffer overflow in PHP's built-in "wordwrap" function for PHP versions greater than 4.1.2 and less than 4.3.0. Please see http://bugs.php.net/bug.php?id=20927 for details. If you use the wordwrap() function on user-supplied input, a specially-crafted input can overflow the allocated buffer and overwrite the heap. Exploit looks very difficult, but still theoretically possible. Status: Bug cause discovered: 10 Dec 2002 PHP team notified: 10 Dec 2002 Bug fixed in CVS: 12 Dec 2002 PHP 4.3.0 released: 27 Dec 2002 Kudos to the PHP team for their extremely rapid reaction. Recommendations: Don't upgrade from 4.1.2 if you are certain there are no security problems with your 4.1.2 setup and you may be vulnerable to the wordwrap() bug. Otherwise, upgrade to 4.3.0 -- David F. Skoll Roaring Penguin Software Inc. | http://www.roaringpenguin.com GPG fingerprint: 58BB 6D86 6F6F 84D0 2C89 59D1 CD1C CAEE 1362 4131 GPG public key: http://www.roaringpenguin.com/dskoll-key-2003.txt ID: 13624131 End of signed message
4.3.0 has been added to portage for testing.
php 4.3.0 had been unmasked in portage, so I guess this can be closed...
glsa sent
